26-02-2011, 10:48 AM
PRESENTED BY:
Nick Pullman
Java Cryptography
Basic Cryptographic Functions
Private/Public Key Pair Generation
Secret Key Generation
Hash Functions
Digital Signatures
Random Number Generation
Encryption/Decryption
Java Cryptographic Overview
Java cryptography uses 2 main APIs
• Java Cryptography Architecture (JCA)
• Java Cryptography Extension (JCE)
Robust and Extensible
Platform independent
Interoperable among vendor implementations
Java Cryptography Architecture
JCA/JCE define the types and functionalities of different cryptographic services
The actual cryptographic implementation is done by service providers
JCA/JCE is made up mostly of “engine” classes, which provide a standard interface to the service providers
This makes the overall implementation extensible since new service providers can be “plugged in”
JCA Overview
Core classes and interfaces related to Java cryptography
Contains 2 provider classes that are used to manage and maintain the service providers
• Provider: class that represents a cryptographic service provider
• Security: class that manages the installed providers and their security properties
Contains a number of engine classes which are used to interface with cryptographic services
JCA Classes
MessageDigest: used to implement one-way hash functions such as MD5 or SHA
Signature: used to implement digital signatures
KeyPairGenerator: used to create public/private key pairs for different algorithms
KeyFactory: used to convert keys into key specifications and vice versa
CertificateFactory: used to generate certificates
KeyStore: used to create a keystore which maintains keys and certificates in memory for later usage
AlgorithmParameters: used to maintain the security parameters for specific algorithms
AlgorithmParameterGenerator: used to create a set of parameters to be used for specific algorithms
SecureRandom: used to create random or pseudo-random numbers
JCA Examples
Create Message Digest
• byte[] dataBytes = "This is test data".getBytes();
MessageDigest md = MessageDigest.getInstance("SHA1");
md.update(dataBytes);
byte[] digest = md.digest();
First, the test data is populated.
Second, a concrete message digest object is created with SHA1 as the cryptographic algorithm.
Third, the data bytes are fed into the message digest object with update().
Finally, the digest method completes the hash computation and returns the digest bytes.
Create Keystore
• KeyStore ks = KeyStore.getInstance("JCEKS");
// password (String) and keyFilePath (String) are supplied by the caller
ks.load(null, password.toCharArray());
java.io.FileOutputStream fos = new java.io.FileOutputStream(keyFilePath);
ks.store(fos, password.toCharArray());
fos.close();
First, create the concrete KeyStore object.
Second, load “ks” with a null input, which initializes an empty keystore.
Third, create the output stream to save the file.
Fourth, the store method saves the KeyStore to the file specified and protects it with the password.
Finally, close the output stream.
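The keystore steps above, extended into a full round trip as an added example (not code from the original presentation): it stores an AES secret key in the JCEKS keystore, reloads the file, and shows that a wrong store password is rejected on load. The class name, the alias "demo-aes", the temporary file and the password are constructed for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreRoundTrip {
    public static void main(String[] args) throws Exception {
        char[] password = "example-only-password".toCharArray(); // constructed sample value
        Path keyFilePath = Files.createTempFile("demo", ".jceks"); // assumed location

        // Generate a 256-bit AES secret key to place in the keystore.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        // Same steps as above: create, load(null) to start empty, then store.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);
        ks.setEntry("demo-aes", new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(password));
        try (OutputStream fos = Files.newOutputStream(keyFilePath)) {
            ks.store(fos, password);
        }

        // Reload from disk and confirm the same key bytes come back.
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(keyFilePath)) {
            reloaded.load(in, password);
        }
        SecretKey back = (SecretKey) reloaded.getKey("demo-aes", password);
        System.out.println("key round-trips: "
                + MessageDigest.isEqual(key.getEncoded(), back.getEncoded()));

        // A wrong store password fails the keystore integrity check on load.
        try (InputStream in = Files.newInputStream(keyFilePath)) {
            KeyStore.getInstance("JCEKS").load(in, "wrong".toCharArray());
            System.out.println("unexpected: loaded with wrong password");
        } catch (IOException e) {
            System.out.println("wrong password rejected: " + e.getMessage());
        } finally {
            Arrays.fill(password, '\0');       // clear the password from memory
            Files.deleteIfExists(keyFilePath); // remove the demo file
        }
    }
}
```

Keeping the password in a char[] rather than a String lets it be zeroed after use, which is why the KeyStore API takes char[] in load and store.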